Hackers Stole Data From 57 Million Uber Drivers and Customers, Uber Paid $100K to Hide Attack

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Nov 21, 2017.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]
    Uber suffered a massive data breach last year that exposed the personal data of 57 million customers and drivers, reports Bloomberg. The attack occurred in October of 2016 and included personal information from 50 million Uber riders and 7 million Uber drivers.

    Two hackers reportedly accessed a private GitHub repository used by Uber's software engineers and then used those credentials to breach an Amazon Web Services account that contained an archive of rider and driver information.

    Email addresses and phone numbers were stolen from riders, while hackers were able to obtain email addresses, phone numbers, and driver's license numbers from drivers. Uber says social security numbers and trip location data were not accessed in the attack.

    Rather than disclosing the attack when Uber learned of it in November of 2016, the company instead paid hackers $100,000 to delete the data and keep quiet about the breach. Uber did not disclose the identity of the hackers, but did say it believes the information was not used or otherwise sold.

    Uber's new CEO, Dara Khosrowshahi, says the attack and the coverup should not have happened, and that Uber is "changing the way we do business." Khosrowshahi says he is aiming to change the way Uber operates, and as part of that effort, Uber informed the FTC and attorney general about the attack this morning.
    Uber's efforts to conceal the hack were led by chief security officer Joe Sullivan, who has been ousted from the company. Uber also let go of Craig Clark, a senior lawyer who worked with Sullivan.

    In light of the attack, Uber has hired Matt Olsen, who previously served as general counsel at the National Security Agency. Uber says Olsen will help the company restructure its security teams.

    Article Link: Hackers Stole Data From 57 Million Uber Drivers and Customers, Uber Paid $100K to Hide Attack
     
  2. Mansu944 macrumors 6502

    Joined:
    Mar 11, 2012
  3. Solomani macrumors 68040

    Solomani

    Joined:
    Sep 25, 2012
    Location:
    Alberto, Canado
  4. Lerxt macrumors regular

    Joined:
    Nov 30, 2012
    #4
    Another nail in the coffin for Uber for me. As soon as a decent competitor arrives where I live, I’m bailing out.
     
  5. Robert.Walter macrumors 65816

    Joined:
    Jul 10, 2012
    #7
    Did they disclose because it was leaking out?
     
  6. dannyyankou macrumors 604

    dannyyankou

    Joined:
    Mar 2, 2012
    #8
    The will be the last straw for many people who have Lyft as an alternative. PR nightmare.
     
  7. just.jon macrumors newbie

    just.jon

    Joined:
    Jan 26, 2017
    #9
    Uber needs to go, now. The Justice Department needs to be looking hard at them for a handful of reasons.
     
  8. garirry macrumors 68000

    garirry

    Joined:
    Apr 27, 2013
    Location:
    Canada is my city
    #10
    Jesus christ first the net neutrality thing and now this... what a day.
     
  9. The Game 161 macrumors P6

    The Game 161

    Joined:
    Dec 15, 2010
    Location:
    UK
    #11
    what customer data though? numbers? as surely people just pay via cash?
     
  10. nabeel24 macrumors regular

    Joined:
    Oct 24, 2013
  11. now i see it macrumors 68020

    Joined:
    Jan 2, 2002
    #13
    All the hackers got were names and email addresses (of riders). Big deal.
     
  12. Watabou macrumors 68040

    Watabou

    Joined:
    Feb 10, 2008
    Location:
    United States
    #14
    The blame doesn’t just lie with those two. How did the rest of Uber’s upper management not notice why they paid $100K?
     
  13. Packers1958 macrumors 6502a

    Joined:
    Apr 16, 2017
    Location:
    South Dakota
    #15
    Yea, I really believe the hackers deleted the info after getting paid, because you can always take the word of a criminal.
    --- Post Merged, Nov 21, 2017 ---
    $100,000 not 100 million.
     
  14. dannyyankou macrumors 604

    dannyyankou

    Joined:
    Mar 2, 2012
    #16
    Sure, but you're not going to defend Uber paying the hackers $100k to hide it are you? It's as shady as it gets. If they were upfront and honest about the hack I might have forgiven them.
     
  15. Contra1971 macrumors member

    Contra1971

    Joined:
    Dec 7, 2016
    Location:
    San Antonio
    #17
    I see a law suit against Uber for this in the near future
     
  16. DevNull0 macrumors 68000

    Joined:
    Jan 6, 2015
    #18
    All these companies see security as a cost that has no return. So it's where they think they can cut corners.
     
  17. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #19
    Can you trust hackers not to use (i.e, sell) the data they stole, even if you pay them? If they take your data, take your money, AND use the data, should you take them to court or offer them more money?

    Note to self: Perhaps it's not a great idea to store your internal passwords in your GitHub account.
     
  18. scottcampbell macrumors regular

    Joined:
    Aug 7, 2017
    #20
    What's your name and email address?
     
  19. blacktape242 macrumors 65816

    blacktape242

    Joined:
    Dec 17, 2010
    Location:
    Sacramento, CA
    #21
    oh god....its like the govt. paying all those people off who were sexually abused.....disgusting all the way around!
     
  20. kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    First university coding class = 47 years ago
    #22
    If Uber hadn't paid, then the hackers would've sold the info to people up to no good.

    Which would you prefer? Lots of publicity with your info sold, or no publicity and your info safe?
     
  21. kildraik macrumors 6502a

    kildraik

    Joined:
    May 7, 2006
    Location:
    Boulder, CO
    #23
    Uber is as shady as most of their drivers. Astonishing, yet unsurprising given their history.
     
  22. patent10021 macrumors 68030

    patent10021

    Joined:
    Apr 23, 2004
    #24
    Unfortunately I think Uber will soon be operating in Vancouver, Canada. I'd much rather see Didi, Grab or Lyft in Vancouver than Uber. Didi drivers and company are awesome.
     
  23. Rudy69 macrumors 6502a

    Rudy69

    Joined:
    Mar 30, 2009
    #25
    How do you know it won't be sold in the future? (If it hasn't already)
     

Share This Page